SlideShare a Scribd company logo

Deriving Optimal Deep Learning Models for Image-based Malware Classification

Shinagawa Laboratory, The University of Tokyo
Shinagawa Laboratory, The University of Tokyo

Deriving Optimal Deep Learning Models for Image-based Malware Classification. Rikima Mitsuhashi, Takahiro Shinagawa. 37th ACM/SIGAPP Symposium On Applied Computing (ACM SAC 2022), Online, Apr 2022. Poster presentation.

Software
1 of 6
Download to read offline
Deriving Optimal Deep Learning Models for Image-based Malware Classification ACM SAC, April 2022 Rikima Mitsuhashi and Takahiro Shinagawa The University of Tokyo
 Cyber-attacks with malware have continued  Automatically classifying is useful  Malware analysis is a major burden for security analysts Background Cyber-attack trends and Image-based malware classification 2 α β γ δ Malware variants  Convolutional neural network (CNN) is popular  for image-based malware classification  Malware images are familiar with CNN  Created from malware programs  simple, versatile, easy to use ACM SAC, April 2022 ➢ complex and sophisticated ➢ many variants Recent malware
Problem Fine-tuning degree 3  We can use many types of CNN models  Fine-tuning can be performed for each model  a method of transfer learning  Pre-trained CNN models have the knowledge of natural objects (plants, animals, artifacts, etc. )  However, it is unclear how effective knowledge of natural objects is for malware image classification ACM SAC, April 2022 knowledge of natural objects Training data of malware image
 Investigate 24 pre-trained models and five levels of fine-tuning parameters (Totally, 120 models)  To Frozen means to use the knowledge of natural objects  Evaluated on standard dataset  Malimg (Windows malware) and Drebin (Android malware) Solution Deriving the optimal combination of model and fine-tuning 4 DenseNet121 model Frozen all Frozen none Frozen 3/4 Frozen 1/2 Frozen 1/4 Xception model ・・・ knowledge of natural objects Training data of Malware image VGG19 model ACM SAC, April 2022
0.95 0.96 0.97 0.98 0.99 1 Frozen_all Frozen_3/4 Frozen_1/2 Frozen_1/4 Frozen_none EfficientNetB4 EfficientNetB4 on cross-validation Evaluation (1/2) Classification of Malimg and Drebin dataset 5 98.96% Comparison of cross-validation 0.8 0.85 0.9 0.95 Frozen_all Frozen_3/4 Frozen_1/2 Frozen_1/4 Frozen_none EfficientNetB4 91.03% Comparison of hold-out validation 1 The accuracy is one of 10 tested in cross-validation 1 ACM SAC, April 2022 Frozen_none Frozen_1/4
Evaluation (2/2) Confusion matrix 6 Confusion matrix of Malimg Confusion matrix of Drebin Summary  Derived optimal deep learning models for Image–based malware classification  EfficientNetB4 with none or only 1/4 of natural object knowledge  Highest classification accuracy  For image-based malware classification  Malimg (98.96%) and Drebin (91.03%) datasets ACM SAC, April 2022

Recommended

Automated Android Malware Detection Using Optimal Ensemble Learning Approach ...
Automated Android Malware Detection Using Optimal Ensemble Learning Approach ...Automated Android Malware Detection Using Optimal Ensemble Learning Approach ...
Automated Android Malware Detection Using Optimal Ensemble Learning Approach ...Shakas Technologies
 
Improve malware classifiers performance using cost-sensitive learning for imb...
Improve malware classifiers performance using cost-sensitive learning for imb...Improve malware classifiers performance using cost-sensitive learning for imb...
Improve malware classifiers performance using cost-sensitive learning for imb...IAESIJAI
 
Optimizing cybersecurity incident response decisions using deep reinforcemen...
Optimizing cybersecurity incident response decisions using deep reinforcemen...Optimizing cybersecurity incident response decisions using deep reinforcemen...
Optimizing cybersecurity incident response decisions using deep reinforcemen...IJECEIAES
 
Selecting Prominent API Calls and Labeling Malicious Samples for Effective Ma...
Selecting Prominent API Calls and Labeling Malicious Samples for Effective Ma...Selecting Prominent API Calls and Labeling Malicious Samples for Effective Ma...
Selecting Prominent API Calls and Labeling Malicious Samples for Effective Ma...IJCSIS Research Publications
 
Android malware detection through online learning
Android malware detection through online learningAndroid malware detection through online learning
Android malware detection through online learningIJARIIT
 
Predict Android ransomware using categorical classifiaction.pptx
Predict Android ransomware using categorical classifiaction.pptxPredict Android ransomware using categorical classifiaction.pptx
Predict Android ransomware using categorical classifiaction.pptxlaharisai03
 
Machine Learning in Malware Detection
Machine Learning in Malware DetectionMachine Learning in Malware Detection
Machine Learning in Malware DetectionKaspersky
 
Keith J. Jones, Ph.D. - MALGAZER: AN AUTOMATED MALWARE CLASSIFIER WITH RUNNIN...
Keith J. Jones, Ph.D. - MALGAZER: AN AUTOMATED MALWARE CLASSIFIER WITH RUNNIN...Keith J. Jones, Ph.D. - MALGAZER: AN AUTOMATED MALWARE CLASSIFIER WITH RUNNIN...
Keith J. Jones, Ph.D. - MALGAZER: AN AUTOMATED MALWARE CLASSIFIER WITH RUNNIN...Keith Jones, PhD
 

Recommended

Automated Android Malware Detection Using Optimal Ensemble Learning Approach ...
Automated Android Malware Detection Using Optimal Ensemble Learning Approach ...Automated Android Malware Detection Using Optimal Ensemble Learning Approach ...
Automated Android Malware Detection Using Optimal Ensemble Learning Approach ...Shakas Technologies
 
Improve malware classifiers performance using cost-sensitive learning for imb...
Improve malware classifiers performance using cost-sensitive learning for imb...Improve malware classifiers performance using cost-sensitive learning for imb...
Improve malware classifiers performance using cost-sensitive learning for imb...IAESIJAI
 
Optimizing cybersecurity incident response decisions using deep reinforcemen...
Optimizing cybersecurity incident response decisions using deep reinforcemen...Optimizing cybersecurity incident response decisions using deep reinforcemen...
Optimizing cybersecurity incident response decisions using deep reinforcemen...IJECEIAES
 
Selecting Prominent API Calls and Labeling Malicious Samples for Effective Ma...
Selecting Prominent API Calls and Labeling Malicious Samples for Effective Ma...Selecting Prominent API Calls and Labeling Malicious Samples for Effective Ma...
Selecting Prominent API Calls and Labeling Malicious Samples for Effective Ma...IJCSIS Research Publications
 
Android malware detection through online learning
Android malware detection through online learningAndroid malware detection through online learning
Android malware detection through online learningIJARIIT
 
Predict Android ransomware using categorical classifiaction.pptx
Predict Android ransomware using categorical classifiaction.pptxPredict Android ransomware using categorical classifiaction.pptx
Predict Android ransomware using categorical classifiaction.pptxlaharisai03
 
Machine Learning in Malware Detection
Machine Learning in Malware DetectionMachine Learning in Malware Detection
Machine Learning in Malware DetectionKaspersky
 
Keith J. Jones, Ph.D. - MALGAZER: AN AUTOMATED MALWARE CLASSIFIER WITH RUNNIN...
Keith J. Jones, Ph.D. - MALGAZER: AN AUTOMATED MALWARE CLASSIFIER WITH RUNNIN...Keith J. Jones, Ph.D. - MALGAZER: AN AUTOMATED MALWARE CLASSIFIER WITH RUNNIN...
Keith J. Jones, Ph.D. - MALGAZER: AN AUTOMATED MALWARE CLASSIFIER WITH RUNNIN...Keith Jones, PhD
 
Presentation on vulnerability analysis
Presentation on vulnerability analysisPresentation on vulnerability analysis
Presentation on vulnerability analysisAsif Anik
 
Windows 8 kasp1248
Windows 8 kasp1248Windows 8 kasp1248
Windows 8 kasp1248Anatoliy Tkachev
 
Weapon detection using artificial intelligence and deep learning for security...
Weapon detection using artificial intelligence and deep learning for security...Weapon detection using artificial intelligence and deep learning for security...
Weapon detection using artificial intelligence and deep learning for security...Venkat Projects
 
Weapon detection using artificial intelligence and deep learning for security...
Weapon detection using artificial intelligence and deep learning for security...Weapon detection using artificial intelligence and deep learning for security...
Weapon detection using artificial intelligence and deep learning for security...Venkat Projects
 
Panda Security - Adaptive Defense
Panda Security - Adaptive DefensePanda Security - Adaptive Defense
Panda Security - Adaptive DefensePanda Security
 
Integrated Feature Extraction Approach Towards Detection of Polymorphic Malwa...
Integrated Feature Extraction Approach Towards Detection of Polymorphic Malwa...Integrated Feature Extraction Approach Towards Detection of Polymorphic Malwa...
Integrated Feature Extraction Approach Towards Detection of Polymorphic Malwa...CSCJournals
 
Malware evolution and Endpoint Detection and Response
Malware evolution and Endpoint Detection and Response Malware evolution and Endpoint Detection and Response
Malware evolution and Endpoint Detection and Response Adrian Guthrie
 
Malware evolution and Endpoint Detection and Response Technology
Malware evolution and Endpoint Detection and Response TechnologyMalware evolution and Endpoint Detection and Response Technology
Malware evolution and Endpoint Detection and Response TechnologyAdrian Guthrie
 
PROVIDING CYBER SECURITY SOLUTION FOR MALWARE DETECTION USING SUPPORT VECTOR ...
PROVIDING CYBER SECURITY SOLUTION FOR MALWARE DETECTION USING SUPPORT VECTOR ...PROVIDING CYBER SECURITY SOLUTION FOR MALWARE DETECTION USING SUPPORT VECTOR ...
PROVIDING CYBER SECURITY SOLUTION FOR MALWARE DETECTION USING SUPPORT VECTOR ...IRJET Journal
 
Presentation_Malware Analysis.pptx
Presentation_Malware Analysis.pptxPresentation_Malware Analysis.pptx
Presentation_Malware Analysis.pptxnishanth kurush
 
Today
TodayToday
TodaySherin Bennet
 
Android malware detection_using_autoenco (1)
Android malware detection_using_autoenco (1)Android malware detection_using_autoenco (1)
Android malware detection_using_autoenco (1)Zahid Qaisar
 
MACHINE LEARNING APPLICATIONS IN MALWARE CLASSIFICATION: A METAANALYSIS LITER...
MACHINE LEARNING APPLICATIONS IN MALWARE CLASSIFICATION: A METAANALYSIS LITER...MACHINE LEARNING APPLICATIONS IN MALWARE CLASSIFICATION: A METAANALYSIS LITER...
MACHINE LEARNING APPLICATIONS IN MALWARE CLASSIFICATION: A METAANALYSIS LITER...IJCI JOURNAL
 
Paper-1 PPT.pptx
Paper-1 PPT.pptxPaper-1 PPT.pptx
Paper-1 PPT.pptxSangeeta Mehta
 
Functional and Behavioral Analysis of Different Type of Ransomware.pptx
Functional and Behavioral Analysis of Different Type of Ransomware.pptxFunctional and Behavioral Analysis of Different Type of Ransomware.pptx
Functional and Behavioral Analysis of Different Type of Ransomware.pptxtarkovtarkovski
 
DEF: Deep Ensemble Neural Network Classifier for Android Malware Detection
DEF: Deep Ensemble Neural Network Classifier for Android Malware DetectionDEF: Deep Ensemble Neural Network Classifier for Android Malware Detection
DEF: Deep Ensemble Neural Network Classifier for Android Malware DetectionIJCNCJournal
 
DEF: Deep Ensemble Neural Network Classifier for Android Malware Detection
DEF: Deep Ensemble Neural Network Classifier for Android Malware DetectionDEF: Deep Ensemble Neural Network Classifier for Android Malware Detection
DEF: Deep Ensemble Neural Network Classifier for Android Malware DetectionIJCNCJournal
 
COMPARISON OF MALWARE CLASSIFICATION METHODS USING CONVOLUTIONAL NEURAL NETWO...
COMPARISON OF MALWARE CLASSIFICATION METHODS USING CONVOLUTIONAL NEURAL NETWO...COMPARISON OF MALWARE CLASSIFICATION METHODS USING CONVOLUTIONAL NEURAL NETWO...
COMPARISON OF MALWARE CLASSIFICATION METHODS USING CONVOLUTIONAL NEURAL NETWO...IJNSA Journal
 
An intrusion detection system for packet and flow based networks using deep n...
An intrusion detection system for packet and flow based networks using deep n...An intrusion detection system for packet and flow based networks using deep n...
An intrusion detection system for packet and flow based networks using deep n...IJECEIAES
 
Hancitor malware recognition using swarm intelligent technique
Hancitor malware recognition using swarm intelligent techniqueHancitor malware recognition using swarm intelligent technique
Hancitor malware recognition using swarm intelligent techniqueCSITiaesprime
 
Towards Isolated Execution at the Machine Level
Towards Isolated Execution at the Machine LevelTowards Isolated Execution at the Machine Level
Towards Isolated Execution at the Machine LevelShinagawa Laboratory, The University of Tokyo
 
DMAFV: Testing Device Drivers against DMA Faults
DMAFV: Testing Device Drivers against DMA FaultsDMAFV: Testing Device Drivers against DMA Faults
DMAFV: Testing Device Drivers against DMA FaultsShinagawa Laboratory, The University of Tokyo
 

More Related Content

Similar to Deriving Optimal Deep Learning Models for Image-based Malware Classification

Presentation on vulnerability analysis
Presentation on vulnerability analysisPresentation on vulnerability analysis
Presentation on vulnerability analysisAsif Anik
 
Weapon detection using artificial intelligence and deep learning for security...
Weapon detection using artificial intelligence and deep learning for security...Weapon detection using artificial intelligence and deep learning for security...
Weapon detection using artificial intelligence and deep learning for security...Venkat Projects
 
Weapon detection using artificial intelligence and deep learning for security...
Weapon detection using artificial intelligence and deep learning for security...Weapon detection using artificial intelligence and deep learning for security...
Weapon detection using artificial intelligence and deep learning for security...Venkat Projects
 
Panda Security - Adaptive Defense
Panda Security - Adaptive DefensePanda Security - Adaptive Defense
Panda Security - Adaptive DefensePanda Security
 
Integrated Feature Extraction Approach Towards Detection of Polymorphic Malwa...
Integrated Feature Extraction Approach Towards Detection of Polymorphic Malwa...Integrated Feature Extraction Approach Towards Detection of Polymorphic Malwa...
Integrated Feature Extraction Approach Towards Detection of Polymorphic Malwa...CSCJournals
 
Malware evolution and Endpoint Detection and Response
Malware evolution and Endpoint Detection and Response Malware evolution and Endpoint Detection and Response
Malware evolution and Endpoint Detection and Response Adrian Guthrie
 
Malware evolution and Endpoint Detection and Response Technology
Malware evolution and Endpoint Detection and Response TechnologyMalware evolution and Endpoint Detection and Response Technology
Malware evolution and Endpoint Detection and Response TechnologyAdrian Guthrie
 
PROVIDING CYBER SECURITY SOLUTION FOR MALWARE DETECTION USING SUPPORT VECTOR ...
PROVIDING CYBER SECURITY SOLUTION FOR MALWARE DETECTION USING SUPPORT VECTOR ...PROVIDING CYBER SECURITY SOLUTION FOR MALWARE DETECTION USING SUPPORT VECTOR ...
PROVIDING CYBER SECURITY SOLUTION FOR MALWARE DETECTION USING SUPPORT VECTOR ...IRJET Journal
 
Presentation_Malware Analysis.pptx
Presentation_Malware Analysis.pptxPresentation_Malware Analysis.pptx
Presentation_Malware Analysis.pptxnishanth kurush
 
Android malware detection_using_autoenco (1)
Android malware detection_using_autoenco (1)Android malware detection_using_autoenco (1)
Android malware detection_using_autoenco (1)Zahid Qaisar
 
MACHINE LEARNING APPLICATIONS IN MALWARE CLASSIFICATION: A METAANALYSIS LITER...
MACHINE LEARNING APPLICATIONS IN MALWARE CLASSIFICATION: A METAANALYSIS LITER...MACHINE LEARNING APPLICATIONS IN MALWARE CLASSIFICATION: A METAANALYSIS LITER...
MACHINE LEARNING APPLICATIONS IN MALWARE CLASSIFICATION: A METAANALYSIS LITER...IJCI JOURNAL
 
Functional and Behavioral Analysis of Different Type of Ransomware.pptx
Functional and Behavioral Analysis of Different Type of Ransomware.pptxFunctional and Behavioral Analysis of Different Type of Ransomware.pptx
Functional and Behavioral Analysis of Different Type of Ransomware.pptxtarkovtarkovski
 
DEF: Deep Ensemble Neural Network Classifier for Android Malware Detection
DEF: Deep Ensemble Neural Network Classifier for Android Malware DetectionDEF: Deep Ensemble Neural Network Classifier for Android Malware Detection
DEF: Deep Ensemble Neural Network Classifier for Android Malware DetectionIJCNCJournal
 
DEF: Deep Ensemble Neural Network Classifier for Android Malware Detection
DEF: Deep Ensemble Neural Network Classifier for Android Malware DetectionDEF: Deep Ensemble Neural Network Classifier for Android Malware Detection
DEF: Deep Ensemble Neural Network Classifier for Android Malware DetectionIJCNCJournal
 
COMPARISON OF MALWARE CLASSIFICATION METHODS USING CONVOLUTIONAL NEURAL NETWO...
COMPARISON OF MALWARE CLASSIFICATION METHODS USING CONVOLUTIONAL NEURAL NETWO...COMPARISON OF MALWARE CLASSIFICATION METHODS USING CONVOLUTIONAL NEURAL NETWO...
COMPARISON OF MALWARE CLASSIFICATION METHODS USING CONVOLUTIONAL NEURAL NETWO...IJNSA Journal
 
An intrusion detection system for packet and flow based networks using deep n...
An intrusion detection system for packet and flow based networks using deep n...An intrusion detection system for packet and flow based networks using deep n...
An intrusion detection system for packet and flow based networks using deep n...IJECEIAES
 
Hancitor malware recognition using swarm intelligent technique
Hancitor malware recognition using swarm intelligent techniqueHancitor malware recognition using swarm intelligent technique
Hancitor malware recognition using swarm intelligent techniqueCSITiaesprime
 

Similar to Deriving Optimal Deep Learning Models for Image-based Malware Classification (20)

Presentation on vulnerability analysis
Presentation on vulnerability analysisPresentation on vulnerability analysis
Presentation on vulnerability analysis
 
Windows 8 kasp1248
Windows 8 kasp1248Windows 8 kasp1248
Windows 8 kasp1248
 
Weapon detection using artificial intelligence and deep learning for security...
Weapon detection using artificial intelligence and deep learning for security...Weapon detection using artificial intelligence and deep learning for security...
Weapon detection using artificial intelligence and deep learning for security...
 
Weapon detection using artificial intelligence and deep learning for security...
Weapon detection using artificial intelligence and deep learning for security...Weapon detection using artificial intelligence and deep learning for security...
Weapon detection using artificial intelligence and deep learning for security...
 
Panda Security - Adaptive Defense
Panda Security - Adaptive DefensePanda Security - Adaptive Defense
Panda Security - Adaptive Defense
 
Integrated Feature Extraction Approach Towards Detection of Polymorphic Malwa...
Integrated Feature Extraction Approach Towards Detection of Polymorphic Malwa...Integrated Feature Extraction Approach Towards Detection of Polymorphic Malwa...
Integrated Feature Extraction Approach Towards Detection of Polymorphic Malwa...
 
Malware evolution and Endpoint Detection and Response
Malware evolution and Endpoint Detection and Response Malware evolution and Endpoint Detection and Response
Malware evolution and Endpoint Detection and Response
 
Malware evolution and Endpoint Detection and Response Technology
Malware evolution and Endpoint Detection and Response TechnologyMalware evolution and Endpoint Detection and Response Technology
Malware evolution and Endpoint Detection and Response Technology
 
PROVIDING CYBER SECURITY SOLUTION FOR MALWARE DETECTION USING SUPPORT VECTOR ...
PROVIDING CYBER SECURITY SOLUTION FOR MALWARE DETECTION USING SUPPORT VECTOR ...PROVIDING CYBER SECURITY SOLUTION FOR MALWARE DETECTION USING SUPPORT VECTOR ...
PROVIDING CYBER SECURITY SOLUTION FOR MALWARE DETECTION USING SUPPORT VECTOR ...
 
Presentation_Malware Analysis.pptx
Presentation_Malware Analysis.pptxPresentation_Malware Analysis.pptx
Presentation_Malware Analysis.pptx
 
Today
TodayToday
Today
 
Android malware detection_using_autoenco (1)
Android malware detection_using_autoenco (1)Android malware detection_using_autoenco (1)
Android malware detection_using_autoenco (1)
 
MACHINE LEARNING APPLICATIONS IN MALWARE CLASSIFICATION: A METAANALYSIS LITER...
MACHINE LEARNING APPLICATIONS IN MALWARE CLASSIFICATION: A METAANALYSIS LITER...MACHINE LEARNING APPLICATIONS IN MALWARE CLASSIFICATION: A METAANALYSIS LITER...
MACHINE LEARNING APPLICATIONS IN MALWARE CLASSIFICATION: A METAANALYSIS LITER...
 
Paper-1 PPT.pptx
Paper-1 PPT.pptxPaper-1 PPT.pptx
Paper-1 PPT.pptx
 
Functional and Behavioral Analysis of Different Type of Ransomware.pptx
Functional and Behavioral Analysis of Different Type of Ransomware.pptxFunctional and Behavioral Analysis of Different Type of Ransomware.pptx
Functional and Behavioral Analysis of Different Type of Ransomware.pptx
 
DEF: Deep Ensemble Neural Network Classifier for Android Malware Detection
DEF: Deep Ensemble Neural Network Classifier for Android Malware DetectionDEF: Deep Ensemble Neural Network Classifier for Android Malware Detection
DEF: Deep Ensemble Neural Network Classifier for Android Malware Detection
 
DEF: Deep Ensemble Neural Network Classifier for Android Malware Detection
DEF: Deep Ensemble Neural Network Classifier for Android Malware DetectionDEF: Deep Ensemble Neural Network Classifier for Android Malware Detection
DEF: Deep Ensemble Neural Network Classifier for Android Malware Detection
 
COMPARISON OF MALWARE CLASSIFICATION METHODS USING CONVOLUTIONAL NEURAL NETWO...
COMPARISON OF MALWARE CLASSIFICATION METHODS USING CONVOLUTIONAL NEURAL NETWO...COMPARISON OF MALWARE CLASSIFICATION METHODS USING CONVOLUTIONAL NEURAL NETWO...
COMPARISON OF MALWARE CLASSIFICATION METHODS USING CONVOLUTIONAL NEURAL NETWO...
 
An intrusion detection system for packet and flow based networks using deep n...
An intrusion detection system for packet and flow based networks using deep n...An intrusion detection system for packet and flow based networks using deep n...
An intrusion detection system for packet and flow based networks using deep n...
 
Hancitor malware recognition using swarm intelligent technique
Hancitor malware recognition using swarm intelligent techniqueHancitor malware recognition using swarm intelligent technique
Hancitor malware recognition using swarm intelligent technique
 

More from Shinagawa Laboratory, The University of Tokyo

ライブマイグレーションにおけるサブページ書き込み保護の評価
ライブマイグレーションにおけるサブページ書き込み保護の評価ライブマイグレーションにおけるサブページ書き込み保護の評価
ライブマイグレーションにおけるサブページ書き込み保護の評価Shinagawa Laboratory, The University of Tokyo
 

More from Shinagawa Laboratory, The University of Tokyo (11)

Towards Isolated Execution at the Machine Level
Towards Isolated Execution at the Machine LevelTowards Isolated Execution at the Machine Level
Towards Isolated Execution at the Machine Level
 
DMAFV: Testing Device Drivers against DMA Faults
DMAFV: Testing Device Drivers against DMA FaultsDMAFV: Testing Device Drivers against DMA Faults
DMAFV: Testing Device Drivers against DMA Faults
 
遅延レイヤ取得による高互換コンテナ起動高速化手法
遅延レイヤ取得による高互換コンテナ起動高速化手法遅延レイヤ取得による高互換コンテナ起動高速化手法
遅延レイヤ取得による高互換コンテナ起動高速化手法
 
ライブマイグレーションにおけるサブページ書き込み保護の評価
ライブマイグレーションにおけるサブページ書き込み保護の評価ライブマイグレーションにおけるサブページ書き込み保護の評価
ライブマイグレーションにおけるサブページ書き込み保護の評価
 
A Robust and Flexible Operating System Compatibility Architecture
A Robust and Flexible Operating System Compatibility ArchitectureA Robust and Flexible Operating System Compatibility Architecture
A Robust and Flexible Operating System Compatibility Architecture
 
FaultVisor2: Testing Hypervisor Device Drivers against Real Hardware Failures
FaultVisor2: Testing Hypervisor Device Drivers against Real Hardware FailuresFaultVisor2: Testing Hypervisor Device Drivers against Real Hardware Failures
FaultVisor2: Testing Hypervisor Device Drivers against Real Hardware Failures
 
Distributed Denial of Service Attack Prevention at Source Machines
Distributed Denial of Service Attack Prevention at Source MachinesDistributed Denial of Service Attack Prevention at Source Machines
Distributed Denial of Service Attack Prevention at Source Machines
 
The Quick Migration of File Servers
The Quick Migration of File ServersThe Quick Migration of File Servers
The Quick Migration of File Servers
 
Unified Hardware Abstraction Layer with Device Masquerade
Unified Hardware Abstraction Layer with Device MasqueradeUnified Hardware Abstraction Layer with Device Masquerade
Unified Hardware Abstraction Layer with Device Masquerade
 
BMCArmor: A Hardware Protection Scheme for Bare-metal Clouds
BMCArmor: A Hardware Protection Scheme for Bare-metal CloudsBMCArmor: A Hardware Protection Scheme for Bare-metal Clouds
BMCArmor: A Hardware Protection Scheme for Bare-metal Clouds
 
VM-aware Adaptive Storage Cache Prefetching
VM-aware Adaptive Storage Cache PrefetchingVM-aware Adaptive Storage Cache Prefetching
VM-aware Adaptive Storage Cache Prefetching
 

Recently uploaded

Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfAMB-Review
 
De mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FMEDe mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FMEJelle | Nordend
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024Ortus Solutions, Corp
 
Abortion ^Clinic ^%[+971588192166''] Abortion Pill Al Ain (?@?) Abortion Pill...
Abortion ^Clinic ^%[+971588192166''] Abortion Pill Al Ain (?@?) Abortion Pill...Abortion ^Clinic ^%[+971588192166''] Abortion Pill Al Ain (?@?) Abortion Pill...
Abortion ^Clinic ^%[+971588192166''] Abortion Pill Al Ain (?@?) Abortion Pill...Abortion Clinic
 
Agnieszka Andrzejewska - BIM School Course in Kraków
Agnieszka Andrzejewska - BIM School Course in KrakówAgnieszka Andrzejewska - BIM School Course in Kraków
Agnieszka Andrzejewska - BIM School Course in Krakówbim.edu.pl
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxwottaspaceseo
 
GraphAware - Transforming policing with graph-based intelligence analysis
GraphAware - Transforming policing with graph-based intelligence analysisGraphAware - Transforming policing with graph-based intelligence analysis
GraphAware - Transforming policing with graph-based intelligence analysisNeo4j
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptxGeorgi Kodinov
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
 
Advanced Flow Concepts Every Developer Should Know
Advanced Flow Concepts Every Developer Should KnowAdvanced Flow Concepts Every Developer Should Know
Advanced Flow Concepts Every Developer Should KnowPeter Caitens
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILNatan Silnitsky
 
Designing for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web ServicesDesigning for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web ServicesKrzysztofKkol1
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
 
Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessWSO2
 
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAGAI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAGAlluxio, Inc.
 
GlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobus
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
 
A Comprehensive Appium Guide for Hybrid App Automation Testing.pdf
A Comprehensive Appium Guide for Hybrid App Automation Testing.pdfA Comprehensive Appium Guide for Hybrid App Automation Testing.pdf
A Comprehensive Appium Guide for Hybrid App Automation Testing.pdfkalichargn70th171
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...informapgpstrackings
 

Recently uploaded (20)

Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
 
De mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FMEDe mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FME
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
 
Abortion ^Clinic ^%[+971588192166''] Abortion Pill Al Ain (?@?) Abortion Pill...
Abortion ^Clinic ^%[+971588192166''] Abortion Pill Al Ain (?@?) Abortion Pill...Abortion ^Clinic ^%[+971588192166''] Abortion Pill Al Ain (?@?) Abortion Pill...
Abortion ^Clinic ^%[+971588192166''] Abortion Pill Al Ain (?@?) Abortion Pill...
 
Agnieszka Andrzejewska - BIM School Course in Kraków
Agnieszka Andrzejewska - BIM School Course in KrakówAgnieszka Andrzejewska - BIM School Course in Kraków
Agnieszka Andrzejewska - BIM School Course in Kraków
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
 
GraphAware - Transforming policing with graph-based intelligence analysis
GraphAware - Transforming policing with graph-based intelligence analysisGraphAware - Transforming policing with graph-based intelligence analysis
GraphAware - Transforming policing with graph-based intelligence analysis
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
 
Advanced Flow Concepts Every Developer Should Know
Advanced Flow Concepts Every Developer Should KnowAdvanced Flow Concepts Every Developer Should Know
Advanced Flow Concepts Every Developer Should Know
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
 
Designing for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web ServicesDesigning for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web Services
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
 
Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
 
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAGAI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG
 
GlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote session
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
 
A Comprehensive Appium Guide for Hybrid App Automation Testing.pdf
A Comprehensive Appium Guide for Hybrid App Automation Testing.pdfA Comprehensive Appium Guide for Hybrid App Automation Testing.pdf
A Comprehensive Appium Guide for Hybrid App Automation Testing.pdf
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBroker
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
 

Deriving Optimal Deep Learning Models for Image-based Malware Classification

  • 1. Deriving Optimal Deep Learning Models for Image-based Malware Classification ACM SAC, April 2022 Rikima Mitsuhashi and Takahiro Shinagawa The University of Tokyo
  • 2.  Cyber-attacks with malware have continued  Automatically classifying is useful  Malware analysis is a major burden for security analysts Background Cyber-attack trends and Image-based malware classification 2 α β γ δ Malware variants  Convolutional neural network (CNN) is popular  for image-based malware classification  Malware images are familiar with CNN  Created from malware programs  simple, versatile, easy to use ACM SAC, April 2022 ➢ complex and sophisticated ➢ many variants Recent malware
  • 3. Problem Fine-tuning degree 3  We can use many types of CNN models  Fine-tuning can be performed for each model  a method of transfer learning  Pre-trained CNN models have the knowledge of natural objects (plants, animals, artifacts, etc. )  However, it is unclear how effective knowledge of natural objects is for malware image classification ACM SAC, April 2022 knowledge of natural objects Training data of malware image
  • 4.  Investigate 24 pre-trained models and five levels of fine-tuning parameters (Totally, 120 models)  To Frozen means to use the knowledge of natural objects  Evaluated on standard dataset  Malimg (Windows malware) and Drebin (Android malware) Solution Deriving the optimal combination of model and fine-tuning 4 DenseNet121 model Frozen all Frozen none Frozen 3/4 Frozen 1/2 Frozen 1/4 Xception model ・・・ knowledge of natural objects Training data of Malware image VGG19 model ACM SAC, April 2022
  • 5. 0.95 0.96 0.97 0.98 0.99 1 Frozen_all Frozen_3/4 Frozen_1/2 Frozen_1/4 Frozen_none EfficientNetB4 EfficientNetB4 on cross-validation Evaluation (1/2) Classification of Malimg and Drebin dataset 5 98.96% Comparison of cross-validation 0.8 0.85 0.9 0.95 Frozen_all Frozen_3/4 Frozen_1/2 Frozen_1/4 Frozen_none EfficientNetB4 91.03% Comparison of hold-out validation 1 The accuracy is one of 10 tested in cross-validation 1 ACM SAC, April 2022 Frozen_none Frozen_1/4
  • 6. Evaluation (2/2) Confusion matrix 6 Confusion matrix of Malimg Confusion matrix of Drebin Summary  Derived optimal deep learning models for Image–based malware classification  EfficientNetB4 with none or only 1/4 of natural object knowledge  Highest classification accuracy  For image-based malware classification  Malimg (98.96%) and Drebin (91.03%) datasets ACM SAC, April 2022